Security

It’s time to rework our ideas about technology. Consumers should demand better security built in up front, governments should hold companies accountable for the problems their technologies create.

If we don’t fundamentally change how we build and secure tech our problems will get much worse.

Modern computing security is like a flimsy house that needs to be fundamentally rebuilt. In recent years, we have suffered small collapses here and there, and made superficial fixes in response. There has been no real accountability for the companies at fault, even when the failures were a foreseeable result of underinvestment in security or substandard practices rather than an outdated trade-off of performance for security.

There are better ways to make systems more secure. For example, you can build more isolation and separation into our systems, moving security functions to properly audited hardware and away from software (which is always more vulnerable). Things cannot be hacked if they cannot be reached. This may mean that we have to sacrifice some speed for security.

As things stand, we suffer through hack after hack, security failure after security failure. If commercial airplanes fell out of the sky regularly, we wouldn’t just shrug. We would invest in understanding flight dynamics, hold companies accountable that did not use established safety procedures, and dissect and learn from new incidents that caught us by surprise.

And indeed, with airplanes, we did all that. There is no reason we cannot do the same for safety and security of our digital systems.

Credit agencies created the dangerous data model which regularly hurts consumers. It’s time for them to go. Credit reporting is done successfully in many other countries by a central bank. We need to move to that model.

Credit bureaus have proved to be complete failures at safeguarding the public. Let’s demand we get our data back.

In at least 40 other countries — including Belgium, France, Germany, Italy and Spain — credit reporting can be done by a public credit registry. It is usually operated by a central bank that already oversees the financial institutions that feed information into the reports. These reports tend to be more accurate because the operators have a legal right to demand data from banks as well as a mandate to ensure it’s correct and that errors are fixed. Data on late payments and defaults are erased once a consumer has settled up.

Many of these public registries leave out things like medical debt, tax information and personal details like marital status, focusing only on loan amounts. Only about 40 percent of registries collect consumers’ addresses, and two-thirds collect taxpayer IDs — the kind of information leaked in the Equifax breach.

The Amazon Echo is a perfect way for the government to spy on citizens. Sure, Amazon rejects requests for the data but that doesn’t obviate the two big issues here.

The first is that the audio and data are recorded and kept. If it’s stored, even briefly, then hackers can get it. Especially state actors. The courts may yet force companies to give it up.

The second and larger issue is that we don’t have laws protecting the privacy of our data. We need regulations that keep up with changing technology. We need rules that favor citizens, not companies, and certainly not governements.

Make a great no mistake we don’t need in vase privacy busting tools to keep the world a safe place. It already is safer than it ever has been and this trend predates even the Internet.

What we do need is a world in which private activities and communications are secure. We need people to feel comfortable saying and doing what they need to on their phones and the Web without fear that it will be used against them. This will have far greater benefit to mankind and the free world than spy tech that invades your phone ever could.

NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.”
The cyberarms industry typified by the NSO Group operates in a legal gray area, and it is often left to the companies to decide how far they are willing to dig into a target’s personal life and what governments they will do business with.

The only solution against this onslaught of freedom killing software and the surveillance state is actually the government. People have to write laws that forbid this type of software and associated technologies. That won’t completely prevent this type of invasive snooping but it will limit it and give people recourse to fight companies that profit from stealing our personal and private info.

Share this:

Like this:

Securing every public place, metal detectors at soft targets, guards (human or robot) everywhere are not the solutions we need.

Orlando should not be a call to lock things down. Think about what has helped the LGBT community the most over the years: openness, understanding, awareness.

We all too often fear the wrong things. Terrorism and mass killings strike our nerves, but we overlook all the other things that are far more likely to kill us (car accidents, disasters, carcinogens, environmental toxins, climate change, to name a few).

This writer puts too much emphasis on physically securing things. He cites Israel and Ireland in the 80’s. These are not the places we should strive to build.

Openness and tolerance paired with vigilance is a better path. Keeping harmful weapons from people likely to use them would help. There is no valid argument not to require licencing and registration of weapons. Better awareness and treatment of mental health and domestic violence issues would be preferable to fences. For that matter treating underlying causes of violent tendencies would be a good place to start. Poverty, marginalization, extremism, fundamentalism, these are the things that drive mass killings. Let’s hear about some solutions for these issues.